Multitasking Fraudsters
Thursday July 19, 2007 at 2:19 pm CST
Posted by Seth Purdy
I had a recent encounter with online fraud and social engineering that was unusually complex.
I was selling an item on eBay. The item was brand new, and retails for $250. So, imagine my surprise when I received the email announcing the auction ended with a winning price of $395!

This was followed about two hours later by another email from eBay, notifying me that the auction had been canceled due to fraudulent bidding.

I didn’t think much of it, other than being mildly frustrated at later having to relist the item and wait for another auction to complete.
The next day I received a poorly constructed fake PayPal “confirmation” email, showing that the winner of the auction had sent me funds, not only for $395, but with an additional $100 for shipping! The terms at the end were distinctly out of synch with the actual PayPal process (warning of account cancellation unless the item was shipped and tracking number sent, and the highly suspect paypal.enquiry@OfficeEmail.net address specified for communications). The shipping address for the item? A location in Nigeria.


What I found interesting was that the hyperlink to the eBay item included in this fake payment email pointed to the United Kingdom version of eBay and with a completely different item number. That auction had been pulled as well by the time I received the email, so I couldn’t examine what was going on. My suspicion is that my original auction posting may have been duplicated in hopes that it would remain if the original auction was discovered as fraudulent and canceled. (BTW, kudos to eBay for quickly identifying and canceling both!)
About an hour after this fake payment message, I got an email from the “winner” of the auction:

Hot on the heels of this, I next received what ended up being the final communication:

Although the whole endeavor lacked a lot in establishing authenticity, I was intrigued by the different elements that were used in the attempt. To sum up, we have:
- Fraudulent bidding to push an eBay item well beyond its reasonable value, along with…
- Possible duplication of the auction posting in an attempt to support…
- A fraudulent PayPal notice, which includes social engineering elements of both additional money and threatened account suspension, followed by…
- Multiple communications from the auction “winner” that also include both negative (threatening to involve law enforcement) and positive (offer of possibly even more money beyond the already ridiculously inflated price) social engineering elements.
That’s a good amount of work to go through to get a hold of my $250 item! Nonetheless, I could imagine more sophisticated versions of such a multipronged fraud attack being disturbingly effective.

July 20th, 2007 at 04:46
Wow… thank goodness eBay detected it earlier… I could not imagine this kind of thing would happen. I had better start taking precautionary steps on this. Anyway, good info from you, Seth!
July 22nd, 2007 at 10:54
This is why I go after every spammer through SpamCop (the original, not the fake SpamCop).
George
July 24th, 2007 at 10:59
Of course it was real obvious when they paid more than the item was worth. And the grammar used in the replies should have been yet another indication.
I’ve received several spoofed eBay, US Bank, and PayPal emails. They look exactly like eBay. Even the URL appears correct. I believe their link simply points to a server and the drive connection name was probably http://www.ebay.com.
Just because the link address looks like http://www.ebay.com doesn’t mean that’s where you have been directed. Many corporate intranets use strategies to prevent you from seeing the real server name. When you open the site it might appear as http://www.ebay.com in the address bar but be actually directing you to something like \\204.205.15.122\j$\rippin of ebayers\mo money.
Good idea to never log in to any eBay link in an email or PayPal link in an email.
My favorite part of this guy’s attempt above was the threat to call the FBI. Oooooh scary. Maybe the CIA should get involved too. LOL
October 25th, 2008 at 05:31
The same fake email happened to me, and I was so sure about it too fast :O. So I searched Google to learn more about that email: Pay-Pal……..@officeemail.net
and I found this page. Very nice of you, Seth, thanks mate.